9cdaa40480f866e60dfb1b7f06f3a6b0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

9cdaa40480f866e60dfb1b7f06f3a6b0N.exe
Size

220KB
MD5

9cdaa40480f866e60dfb1b7f06f3a6b0
SHA1

1b4cafc1309698d1517baf7d22f5bfd9eafa4e08
SHA256

dc0edf115ced9f3c5ff105c3ec635962f7e4d1c03acf09a4ef4ad1060f7cf579
SHA512

4c2dbc10739de7bd38d756068c47eb679da2eed6f4d090e2c163d14ce1bac3945cbcab10fae49fa0ec0ebdda168ebf5f6c2ae17f73fe3205315afa709b4297ff
SSDEEP

1536:VuFwRzDFPoJqj6qLvV9LkCZeonXSGFTLr5PeNbSXrxVk1nf:9HyJqj9LkCZeoXlFFeNerE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9cdaa40480f866e60dfb1b7f06f3a6b0N.exe

Files

9cdaa40480f866e60dfb1b7f06f3a6b0N.exe
.exe windows:1 windows x86 arch:x86

9cc34d364e8f0715ee15ba0f0f2ea28d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

CreateThread
CopyFileA
CreateFileMappingA
CreateMutexA
DeleteFileA
CreateProcessA
CreateFileA
EnumResourceNamesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
FindResourceA
CloseHandle
FreeLibrary
FindClose
GetCommandLineA
GetCurrentProcessId
GetComputerNameA
GetDriveTypeA
GetFileAttributesA
GetEnvironmentStrings
GetFileType
GetFileSize
GetLocalTime
GetFileTime
GetLastError
GetModuleFileNameA
GetPrivateProfileIntA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetSystemDirectoryA
GetConsoleScreenBufferInfo
GetTempPathA
GetTickCount
GetStdHandle
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
LoadLibraryA
GlobalReAlloc
GlobalFree
GlobalUnlock
GetVolumeInformationA
LoadLibraryExA
LoadResource
GlobalLock
MapViewOfFile
LockResource
MoveFileA
OpenFile
OpenMutexA
RaiseException
GlobalHandle
ReadFile
ReleaseMutex
SizeofResource
SetFileAttributesA
SetFilePointer
SetFileTime
SetThreadPriority
ExitProcess
TlsGetValue
TlsAlloc
Sleep
TlsSetValue
WaitForSingleObject
WriteFile
VirtualAlloc
VirtualFree
_lread
_llseek
_lopen
WritePrivateProfileStringA
_lclose
_lcreat
SetErrorMode
SetEndOfFile
RtlUnwind
_lwrite

user32

CharUpperA
GetMessageA
CharToOemA
DefWindowProcA
CreateWindowExA
DispatchMessageA
FindWindowA
GetKeyNameTextA
GetWindowTextA
KillTimer
OemToCharA
OemToCharA
MessageBoxA
RegisterClassA
PostMessageA
PostQuitMessage
SetTimer
SendMessageA
TranslateMessage
ShowWindow
SetWindowTextA
SetWindowsHookExA
UpdateWindow
UnhookWindowsHookEx

wsock32

inet_addr
recv
htons
closesocket
connect
WSAStartup
WSACleanup
gethostbyname
send
socket

Sections

UPX0
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9cc34d364e8f0715ee15ba0f0f2ea28d

Headers

File Characteristics

Imports

advapi32

kernel32

user32

wsock32

Sections

UPX0 Size: 124KB - Virtual size: 124KB

UPX1 Size: 8KB - Virtual size: 8KB

UPX2 Size: 84KB - Virtual size: 84KB

UPX0
Size: 124KB - Virtual size: 124KB

UPX1
Size: 8KB - Virtual size: 8KB

UPX2
Size: 84KB - Virtual size: 84KB